Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-03.txt

"Everhart, Craig" <Craig.Everhart@netapp.com> Sun, 11 November 2018 17:20 UTC

From: "Everhart, Craig" <Craig.Everhart@netapp.com>
To: Chuck Lever <chuck.lever@oracle.com>, Benjamin Kaduk <kaduk@mit.edu>
CC: NFSv4 <nfsv4@ietf.org>
Date: Sun, 11 Nov 2018 17:20:39 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/AwB4RgB8uaitOPmhGBHIn_uMrfs>

Is there something stopping you from implementing something now?  To run your proposed experiment?

If this is to be useful for more than Linux platforms, it would seem that the other platforms’ communities would need to be able to participate, ideally in more than a transparent-repository fashion.  Will those other platforms need to have interesting trust relationships with a Linux-based installation?  Why or why not?  What kinds of relationships are required?

Or is this a conduit for only Linux machines?  If it is, will those multiple machines require trust relationships of interest?  Surely it’s at least as interesting as having compatible, mutually-understood spaces for owners and groups; but from your document as well as the Linux reference that you’ve given, it’s not at all obvious what the answers are.  At least not to me.

            Craig


________________________________
From: Chuck Lever <chuck.lever@oracle.com>
Sent: Saturday, November 10, 2018 11:54:49 AM
To: Benjamin Kaduk; Everhart, Craig
Cc: NFSv4
Subject: Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-03.txt

> On Nov 10, 2018, at 6:31 AM, Benjamin Kaduk <kaduk@MIT.EDU> wrote:
>
> On Thu, Nov 08, 2018 at 01:23:24PM -0500, Chuck Lever wrote:
>>
>>
>>> On Nov 8, 2018, at 12:03 PM, Everhart, Craig <Craig.Everhart@netapp.com> wrote:
>>>
>>> Hi Chuck, just one point.
>>>
>>> On 11/8/18, 11:54 AM, "Chuck Lever" <chuck.lever@oracle.com> wrote:
>>>
>>>>  This means _any_ change
>>>>  to the content between the time it is generated and the time it
>>>>  is used can be detected.
>>>>
>>>> And detected by only these special tools.
>>>
>>>   No, the FPI is evaluated by the provenance assessor before each
>>>   access of the file.
>>>
>>> Perhaps you could clarify this architecture.  The menagerie of tools that would be modified, this provenance assessor--what is the architecture of the system in which these tools exist?  Is the "provenance assessor" part of the presumed OS on the NFS client?
>>
>> We're going in circles now. I've explained this before in e-mail
>> and in the document.
>>
>>
>>> Is it active when I read a file with the menagerie (e.g., "cp")?
>>
>> Depending on policy, it can be.
>>
>>
>>> At backup time?
>>
>> Depending on policy, it can be.
>>
>> The primary point of FPI is to prevent the use of corrupted file
>> contents. Copying or backing up file content is not necessarily
>> considered "use", but an administrator might be paranoid or want
>> some notification if tampering has occurred long before a file
>> is used. It's also possible that a tool can be constructed to
>> scrub a file system to pre-emptively identify corrupted content.
>>
>> Again, this document is not meant to be a full specification of
>> IMA and how it's used. A discussion of tooling is out of scope,
>> IMO.
>>
>
> I am not going to say that a discussion of tools needs to be in the
> document, but I think it's okay to have some discussion on the list to get
> people onboard with the idea that one can use this to build a useful
> system.

There already is a Linux implementation of IMA for local file
systems. Part of this effort will be prototyping the protocol
elements described in this document, and then assessing whether
they can be a successful part of the existing Linux IMA
ecosystem (i.e., do we end up with a useful system when NFS is
included?).

So I agree that such evaluation is necessary, but I feel like
it will come a little later when there is real code to try out.
I don't intend to push this document through publication without
prototyping and assessment.


> (There is precedent for wanting confidence that a useful system
> can be built, viz. my DISCUSS ballot position on
> draft-ietf-lisp-rfc6830bis.  The situation here seems much simpler than
> that one is, though.)

Fair enough, it wasn't clear to me whether Craig was asking for
an informal discussion here on the list or for something to be
introduced into the document. To clarify what I wrote above, I
believe that a detailed discussion of tooling is out of scope
for the document.

Even so, the second paragraph of Section 1.1 reads:

   File provenance information is generated and signed by a "provenance
   authority", and then associated with each file using special tools.

Does more need to be said here and/or in Section 5.2?


--
Chuck Lever